Google: TurkTelekom hijacked our Level 3 DNS services

By on



?The TurkTelekom, Turkish?s national telecom provider, hijacked our Level 3 DNS services,? Google claimed, reports said.

According to ZDnet, Google is claiming that ISPs in Turkey are intercepting their Domain Name System (DNS) services and that this is done to block services such as YouTube and Twitter which are banned by the government.

Domain Name System?s purpose is to ?help one quickly and securely make their way to whatever host they are looking for.? DNS is an internet service that translates domain names into IP addresses needed for the purpose of locating computer services and devices worldwide. It is a hierarchical distributed naming system for computers, services, or any resource connected to the internet or a private network.

The ZDnet also reported, ?the order given to ISPs to remove access to the services in their DNS, but many have been getting around the problem by setting their DNS to Google’s free public DNS service (primary:, secondary Google is claiming that Turkish ISPs, apparently under order of the government, are intercepting access of Google’s servers and redirecting them to their own DNS, thus re-enabling the ban.?

?We have received several credible reports and confirmed with our own research that Google?s Domain Name System (DNS) service has been intercepted by most Turkish ISPs,? Steven Carstensen, a Google software engineer wrote adding that the Turkish ISPs have set up servers that ?masquerade? as Google?s DNS service.

Moreover, an Internet monitoring firm named Renesys said on Sunday that major internet provider Level 3?s DNS service was also hijacked. ?Turkish?s national telecom provider, TurkTelekom, hijacked the DNS servers of both companies using the Border Gateway Protocol (BGP). Organizations and companies that run networks ?announce? BGP routing, which is public information used in networking equipment to route traffic. Occasionally, an organization will mistake and broadcast incorrect BGP information, inadvertently hijacking the traffic belonging to another network. But as in the cases of Google and Level 3, BGP changes can also be malicious.?

On a blog post entitled ?Turkish Internet Censorship Takes a New Turn? Earl Zmijewski, a vice president and general manager for Renesys, wrote:

?Internet censorship in Turkey took a new and ominous turn yesterday. In order to better seal off access to social media sites like YouTube and Twitter, the incumbent TurkTelecom began hijacking the IP address space of public DNS resolvers like those of Google. This allows TurkTelecom servers to masquerade as Google DNS servers, returning whatever answers they want. Under normal circumstances, such queries would have been destined for servers outside the country, which is how Turkish users were circumventing the ban on YouTube imposed earlier this week. However, now local users of these global DNS services are surreptitiously redirected to alternate providers within TurkTelekom.?

It could be remembered that a few days ago, the Turkish government had ordered to shutdown of YouTube due to an incident where a government official discussion on possible military action in Syria was deliberately posted in YouTube. The Turkish government had also ordered the shutdown of Twitter some time ago.

About the author

To Top